Using biometric user-specific attributes

ABSTRACT

Techniques are provided for determining two or more user-specific parameters that can be measured or obtained using various methods, and using values of the two or more user-specific parameters to uniquely identify or authenticate an individual, or to determine authenticity or ownership of a device. Examples of the user-specific parameters may include biometric parameters, textual-based parameters, a combination of biometric parameters and textual-based parameters, and the like.

BENEFIT CLAIM

This application claims the benefit under 35 U.S.C. § 120 as a Continuation of application Ser. No. 15/999,566 filed Aug. 20, 2018 which is a Continuation-in-part of application Ser. No. 15/681,272, filed Aug. 18, 2017, now U.S. Pat. No. 10,055,566, which is a Continuation of application Ser. No. 14/843,726, filed Sep. 2, 2015, now U.S. Pat. No. 9,740,841, which claimed the benefit of Provisional Application Ser. No. 62/047,568, filed Sep. 8, 2014 the entire contents of which is hereby incorporated by reference for all purposes as if fully set forth herein. The applicants hereby rescind any disclaimer of claim scope in the parent application or the prosecution history thereof and advise the USPTO that the claims in this application may be broader than any claim in the parent application.

TECHNICAL FIELD

The present disclosure generally relates to determining one or more combinations of values of two or more biometric attributes and parameters that are unique to a user, an authorized provider or an authorized service provider of a device, and using the values of the attributes and parameters to control user's access to secure devices, to determine whether the user is capable of performing certain functions, or to determine authenticity or ownership of the device.

BACKGROUND

The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.

Existing biometric identification and authentication methods usually involve verification of values of a single parameter against some norms or baseline data. The norms or the baseline data may be determined based on the averaged values computed for a population of individuals exhibiting similar characteristics. However, as the requirements for the authentication and security systems become more rigorous, relying on the norms or baselines often becomes insufficient and inadequate.

As computer technologies become more and more sophisticated, new demands are placed on authentication and security systems. However, the conventional authentication and security systems are often unable to keep up with the new demands. These days, when even quite complex conventional security systems can be compromised, the conventional systems appear to be unreliable or obsolete. For example, some of the conventional security systems may be unable to distinguish the falsely identified breaches (also referred to as “false positive”) from the real security breaches.

SUMMARY

Techniques are provided for determining two or more user-specific parameters that can be measured or obtained using various methods, and using values of the two or more user-specific parameters to uniquely identify or authenticate the user. Examples of the user-specific parameters may include biometric parameters, textual-based parameters, a combination of biometric parameters and textual-based parameters, and the like.

Two or more user-specific parameters are selected in such a way that the values sampled for a user may be used to uniquely identify the user and to distinguish the user from any other user. The disclosure is directed to selecting parameters that are based on biometric characteristics of individuals; however, other types of parameters may also be used.

Successful identification and/or authentication of an individual may occur when the parameter values entered, or otherwise provided, to a system when the user requests an access to resources match the values of biometric user-specific parameters stored in a reference database. If a match is found, then the user may be positively identified and/or successfully authenticated to the system. For example, when the values provided by the user when the user requests an access to a building match the values of two or more user-specific characteristics stored in a reference database for the user, then the user may be positively authenticated to the building security system and granted access to the building.

Values of two or more user-specific parameters may be compared with the values stored in a reference database to not only uniquely identify or authenticate a user, but also to determine whether the user can perform certain functions or actions. If a match is found, then the system may determine that the user can perform certain functions, such as to withdraw funds from a bank account, watch a PG-13-rated television program, and the like. According to another example, if the values collected or sampled from a user do not match the reference values stored for the individual in a reference database, then the system may determine that the user is under the influence of alcohol, and thus prevent the user from operating machinery or automobiles.

In an embodiment, a system that performs an identification and/or authentication of an individual and/or determines the individual's capabilities to perform certain functions based on two or more biometric user-specific characteristics may be more reliable and accurate than a system that performs such steps by relying only on one parameter. For example, relying just on one characteristic, such as a heart pulse rate of an individual, may be insufficient to uniquely identify the individual since it is possible that two or more individuals may have the same pulse rate at a particular moment.

Furthermore, a system that relies on a comparison between values of biometric user-specific parameters stored in a reference database and values of the parameters entered to a system by a user when the user requests access to resources may be more reliable and accurate than a system that relies on a comparison between normalized values computed as average values of parameter values obtained from a population of users. For example, using the normalized values (norms) computed as average values of characteristics obtained from many users may not be as accurate as using actual parameter values obtained from the individual user.

Techniques are also provided for determining authenticity or ownership of devices. In an embodiment, an approach includes receiving identification data from a device of a particular device type, determining an authentic provider of one or more devices of the particular device type, and comparing the identification data received from the device with reference data collected for the authentic provider of the devices of the particular device type to determine whether the device is authentic. This approach may be particularly helpful in determining whether the device is genuine or counterfeited.

In an embodiment, an approach may include comparing identification data received from a device with reference data collected for an owner of the device to determine a rightful owner of the device. This approach may be particularly helpful in tracking stolen and then found devices.

Usually, identification data is something that is stored or embedded in that portion of a device that is difficult to spot, access, or see. The identification data may be, for example, a voice sample of an owner of a smartphone, and may be received from the smartphone once the smartphone is powered on and unlocked. The identification data of the device does not correspond, however, to a digital watermark or a digital signature imprinted on the device.

Identification data of a device may be available to an inquiring party using either an active approach or a passive approach. In the active approach, the device is configured to send, or otherwise communicate, one or more samples to an inquiring party. The active approach is usually applicable to the devices that are equipped with batteries or can be connected to a power source. For example, if the device is a smartphone, then upon powering up the smartphone, the smartphone may receive an electronic request to provide the device's identification data. In response thereto, the smartphone may generate and transmit an electronic response with the identification data. The electronic data may include a digital image that can be used to confirm authenticity of the smartphone. Alternatively, or in addition, the electronic data may include a voice sample that has been collected from an owner of the smartphone, and that can be used to verify whether a person presenting the smartphone is the owner of the smartphone.

In the passive approach, a device itself may be unable to send, or otherwise communicate, the device's identification data to an inquiring party. The passive approach is usually applicable to the devices that cannot be powered on. A passive device, such as for example, a MontBlanc™ pen which usually cannot generate and send electronic messages on its own, may have an identification mark imprinted somewhere inside the pen. A person who wants to verify authenticity of the pen needs to disassemble the pen and look for the identification mark inside the pen.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings:

FIG. 1 illustrates computer environment configured to collect and use biometric and physiological attributes to identify/authenticate a user and to determine user's capabilities to perform certain functions;

FIG. 2 illustrates examples of biometric characteristics;

FIG. 3 illustrates examples of collecting user-specific biometric characteristics;

FIG. 4 illustrates examples of collectors of biometric characteristics;

FIG. 5 illustrates an example of a process of collecting and using user-specific biometric attributes;

FIG. 6 illustrates an example of a process of using biometric user-specific attributes;

FIG. 7 illustrates an example flow chart for a process of using biometric user-specific attributes to identify or authenticate users;

FIG. 8A illustrates an example user profile;

FIG. 8B illustrates an example device profile;

FIG. 8C illustrates an example device profile;

FIG. 9 is a block diagram of a computer system with which an embodiment may be used;

FIG. 10 illustrates an example flow chart of a process of using identification data received from a device to determine authenticity or ownership of the device;

FIG. 11 illustrates an example flow chart of a process of ranking identification data received from a device to determine authenticity or ownership of the device.

DETAILED DESCRIPTION

In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present approach. It will be apparent, however, that the present approach may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present approach.

Overview

Techniques are provided for determining two or more user-specific parameters that can be measured, or otherwise obtained, and using values of the two or more user-specific parameters to uniquely identify or authenticate an individual, and/or to determine authenticity or ownership of devices. Examples of the user-specific parameters may include biometric parameters, such as behavioral biometric parameters, physiological biometric parameters, and the like. Behavioral biometric parameters may include voice and speech characteristics of an individual, and the like. Physiological biometric parameters may include papillary lines of a thumb of an individual, and the like. Additional examples of user-specific parameters and characteristics are described in FIG. 2.

For illustration purposes, various embodiments are described in context of biometric user-specific parameters. However, the embodiments are not limited to the biometric user-specific parameters. For example, the user-specific parameters may include textual-based parameters, a combination of biometric parameters and textual-based parameters, a combination of biometric parameters and other types of parameters, just biometric parameters, and other combinations of user-specific parameters.

In an embodiment, an approach for a successful identification and/or authentication of an individual is provided. A successful identification/authentication of a user may occur when the values entered, or otherwise provided, to a system by the user when the user requests an access to resources match the values of two or more biometric user-specific parameters stored in a reference database. If a match is found, then the user may be positively identified and/or successfully authenticated to the system. For example, when the values provided by the user when the user requests an access to an online bank account match the values of two or more user-specific characteristics stored in a reference database for a user, then the user may be positively authenticated to the bank security system and granted access to his bank account.

Two or more biometric user-specific parameters are referred to as a combination of the user-specific parameters. A combination may be determined by selecting such two or more biometric (or other) user-specific characteristics that, in combination, are unique to the user. Since relying on just one characteristic may be sometimes insufficient or lead to false-positives, relying on two or more characteristics selected in such a way that the combination is unique to the user provides more reliable results. For example, if a user wears a watch, and the watch is programmed to measure a heart pulse rate of the user and transmit the pulse rate readings to an authentication system, then even if the pulse rate is taken accurately, the authentication system that relies only on the pulse rate readings may be inaccurate since more than one individual may have the same pulse rate. However, if the watch is programmed to measure a pulse rate of the user, take a voice sample of the user, and transmit both the pulse rate reading and the voice sample to an authentication system, then the authentication system that analyzes the combination of the pulse rate readings and voice samples may be quite accurate since it is unlikely that two individuals would have the same pulse rate and voice characteristics.

Combinations of two or more user-specific characteristics may be used to identify and/or authenticate a user who attempts to gain access to a variety of devices. For example, the combinations of user-specific characteristics may be used to grant access to devices, such as laptops, tablets, smart phones, computers, workstations, and the like. Further, the combinations of user-specific characteristics may be used to grant access to appliances, such as refrigerators, wine coolers, television sets, stereo systems, residential alarm systems, commercial alarm systems, elevators, household appliances, and the like. Moreover, the combinations of user-specific characteristics may be used to grant access to vehicles, boats, and others. For example, a vehicle alarm system may be programmed to collect, from a user, values of two or more user-specific characteristics, and based on the collected values determine whether the user may open the car door, start the car engine, drive the vehicle, and the like.

Relying on a combination of two or more characteristics is more reliable than relying on just one characteristic because it provides more data that is specific to the user. For example, conventional vehicle alarm systems that rely just on one piece of information are inferior to the proposed systems. In a conventional vehicle alarm system, the system may just test whether the user is in possession of an electronic key to the vehicle and if so, allow the user to open the car door and start the engine. However, the conventional system does not check, for example, whether it is indeed the authorized user who is in possession of the electronic key to the vehicle. In contrast, the presented approach applied to a vehicle alarm system may take into consideration two or more user-specific characteristics and test the values of such characteristics before the system grants the user access to the vehicle.

Matching criteria may be defined in a variety of ways. For example, if a comparison involves comparing voice samples, then audio frequencies included in the voice samples may be compared. If a comparison involves comparing readings from medical instruments such as an EKG machine, then EKG signals may be compared with the reference signals. Other examples are provided below.

A comparison may involve determining whether two or more values match exactly, or whether they match within certain ranges or within certain error margins. For example, if a comparison involves comparing a reading from a blood-pressure-measuring instrument and a reference value stored in a reference database, then the system may try to find whether the reading matches the reference value exactly, or whether the reading matches the reference value within a certain error margin.

Values of two or more user-specific parameters may be compared with the values stored in a reference database to not only uniquely identify or authenticate a user, but also to determine whether the user can perform certain functions or actions. If a match is found, then the user's abilities to perform a certain function or functions may be determined. For example, the values collected or sampled from a user at a particular moment may be compared with reference values stored for the individual in a reference database to determine whether the user is under the influence of alcohol, and if he is, defeat the user's attempts to operate machinery or automobiles. Furthermore, the system may be configured to continue to perform the functions in various modes, as well as support various monitoring functions.

In an embodiment, the system is equipped with eye-tracking devices to monitor the eyes or face movements of a driver. Based on the input collected by the eye-tracking devices, the system may determine whether the driver can drive the vehicle. If the driver appears to be impaired or under the influence of alcohol, then the system may prevent the user from starting the vehicle, or if the user is already driving the vehicle, gradually reduce the speed of the vehicle, and/or eventually disable the engine of the vehicle.

According to another example, when a voice sample provided by a user when the user tries to start an engine of a vehicle matches the voice sample stored in a reference database for the user, and the user's fingerprint sample provided by the user when the user tries to start the engine matches the fingerprint sample stored in the reference database for the user, then the user may be positively authenticated to the vehicle security system, and the vehicle engine may start.

According to another example, if a user's speech pattern and characteristics collected by microphones located inside a vehicle do not match the user's speech patterns and characteristics stored in a reference database for the user, then the user's attempts to start an engine of the vehicle may be ineffective. If a user appears to be under the influence of alcohol, then the user's speech pattern and characteristics collected by microphones located inside the vehicle may be different than the user's speech patterns and characteristics stored in a reference database. In such a case, based on the comparison, the vehicle security system may prevent the user from starting the vehicle.

In an embodiment, an approach is more reliable and accurate than other systems because the presented approach relies on two or more parameters. For example, relying just on one characteristic, such as the individual's facial characteristics, may be insufficient to uniquely identify the individual since it is possible that more than one individual may have the same facial characteristics.

In an embodiment, a system relies on a comparison between values of two or more biometric, user-specific parameters stored in a reference database for a user and values of the parameters entered to the system by the user when the user requests access to resources. Such a system may be more reliable and accurate than a system that relies on a comparison between the norms computed from averaged values and the values entered by the user. For example, using a comparison between normalized values (norms) and values entered by an individual may be not as accurate as using a comparison between the actual values because the norms are usually determined based on the values of certain characteristics of a certain population of individuals. The norms may represent an averaged value computed from multiple values, and thus may not be sufficiently specific to a particular individual. In contrast, using a comparison between the values of user-specific parameters may be more accurate and may reduce the count of false-positives.

Structural Overview

In an embodiment, a system is configured to perform identification/authentication of a user and/or to determine whether the user can perform certain functions or actions.

FIG. 1 illustrates computer environment 10 configured to collect and use biometric and physiological attributes to identify/authenticate a user and to determine user's abilities to perform certain functions. In the illustrated example, one or more data collectors 110 collect data from various sources. For example, data collectors 110 may collect data from sensors 112, cameras 113, medical instruments 115, and other data input devices. Examples of various data collectors 110 are further described in FIG. 4.

Data collectors 110 may collect data from various sources and using a variety of methods. For example, data collectors 110 may collect the data from user's mobile devices, as depicted for user 182. The user's mobile devices may include smart phones, electronic watches, eye-glasses, portable sensors, portable communication devices, and the like.

Data collectors 110 may also collect data from user's portable computers, as depicted for user 184. The portable computers may include laptops, smart phones, tablets, smart pens, portable sensors, and the like. Furthermore, the data may be collected from user's computers, workstations, and the like.

Data collectors 110 may also collect data from user's interfaces associated with various types of appliances and computing devices, as depicted for user 186. For example, the data may be collected from user's interfaces implemented in large home appliances, such as refrigerators, freezers, washing machines, dryers, dishwashers, microwaves, stoves, electrical heaters, gas heaters, and the like. Further, the data may be collected from the user's interfaces implemented in small home appliances, such as wine coolers, small electrical appliances, and the like.

Furthermore, data collectors 110 may collect data from user's interfaces of security systems, such as alarm systems, commercial security systems, residential security systems, banks, credit unions, and the like.

Moreover, data collectors 110 may collect data from sensors, cameras and other devices and instruments configured to provide biometric data of the user. Some of the examples of such devices are described in FIG. 4.

Data collectors 110 may also collect data from vehicles, motorcycles, elevators, security compartments, and other engine-operated devices. For example, the data may be collected from the sensors and cameras installed in vehicles, elevators, and the like.

Processing units 140 may comprise one or more units configured to collect data provided by data collectors 110, and one or more applications configured to implement the presented approach. For example, processing units 140 may be configured to process the collected data, generate characteristics combinations, store the combinations in databases, use the characteristics combinations to identify/authenticate users and use the characteristics combinations to determine whether the users are capable of performing certain functions. Examples of various processing units 140 are described in FIG. 5.

In an embodiment, data provided to, processed by, and generated by processing units 140 may be stored in one or more storage devices 122, 124, 126, 128. For example, the data may be stored in one or more databases implemented in one or more storage devices, such as disks 122, 124. The data may also be stored in one or more cloud storage systems 128, and any additional storage devices, such as an additional storage 126.

In an embodiment, one or more storage devices, from storage devices 122, 124, 126, 128, are local storage devices with respect to processing units 140, while other storage devices may be remote storage devices with respect to processing units 140. Depending on the implementations, the storage devices may be shared, centrally or locally managed, and the like.

In an embodiment, the system is configured to receive inputs from a user, and based on the provided inputs and data stored in a reference database, determine whether the user's request to access resources may be granted. If a match between the user-provided input and reference data stored for the user in the reference database is found, then the system may generate instructions and send the instructions to the devices which the user attempted to access. For example, if a user tried to watch an adult movie on television, but the system determined that the user is a child and does not meet the requirements set in parental-control-settings for the television programs, then the system may prevent the user (child) from watching the adult movie.

Biometric Characteristics

Biometric identifiers encompass a wide range of human or mammalian physiological and behavioral characteristics. Physiological characteristics may be further categorized as “physical” in nature, such as fingerprints, palm prints, vein patterns, facial features patterns, palm lines and patterns, foot-imprint lines and patterns, retinal iris patterns, and the like. Other characteristics such as pulse rates, DNA codes, blood oxygen or alcohol contents, blood sugar levels, body scents and odors, body temperature readings, respiration rates, blood pressure readings, and the like may be described as “biological” in nature. Behavioral characteristics may include voice intonations, gait characteristics, gestures (smile/frown, eye blink), handwriting patterns, and the like.

In an embodiment, a biometric identification and authentication system employs two or more physiological (either physical or biological), and behavioral characteristics, and therefore, is capable of more accurately and reliably identifying and authenticating users than the conventional systems can do.

In an embodiment, a biometric identification and authentication system is configured to determine specific combinations of selected characteristics and use the determined specific combinations to identify and authenticate users and/or to determine whether the users are capable of performing certain functions. Examples of such combinations may include a combination comprising facial features characteristics and fingerprints characteristics, a combination comprising face features characteristics and palm imprint characteristics, a combination of voice frequencies characteristics and facial features characteristics, a combination of retinal iris patterns characteristics and voice frequencies characteristics, and the like.

A multi-modal biometric identification and authentication system may employ combinations of only physiological biometric characteristics, combinations of only biological characteristics, combinations of only behavioral characteristics, and combinations of any two or more types of characteristics.

Values of biometric characteristics may be collected using various sensors and detectors, various data measuring and collecting devices, various probes, and the like.

Furthermore, values of biometric characteristics may be collected using different types of data collections and different data collection schedules. For example, the values of the characteristics may be collected simultaneously. In other embodiments, one or more of the values of the characteristics may be collected at certain time intervals, according to certain schedules, and the like. Thus, a user who may have been granted access may have that access revoked due to some disqualifying characteristic change. For example, if a user's heart rate indicates that the user is experiencing a cardiac arrest, the appliance being used may prevent a further operation of the particular system or a particular function in that system. Moreover, if the values change in such a way as to indicate an emergency situation (such as a cardiac arrest or a sudden death), then the device may take certain actions such as alerting emergency response providers, shutting down access to the system or function of system, or the like.

Reference Databases

In an embodiment, values of biometric characteristics are collected and used to generate a reference database. A reference database may comprise one or more databases organized according to any known database organization schemes, including flat databases, hierarchical databases, and the like. The databases may be configured to store values of the biometric characteristics for individuals, and may be indexed based on the individuals' identifiers, populations of individuals, combinations of characteristics determined for individuals and the like.

Values of biometric characteristics may be stored locally and/or remotely with respect to the sensors collecting the values. For example, reference values of characteristics combinations may be stored on a device that is equipped with sensors and that uses the reference values to control access to the device. Alternatively, reference values may be stored at locations that are remote with respect to the device that uses the reference values to control access to the device. For example, reference values may be stored in data storages that are shared by a plurality of devices, in data storage cloud, and third-party storage devices, and the like.

In an embodiment, biometric characteristics may be divided into several groups. One group may include characteristics that are referred to as typical characteristics, while another group may include characteristics that are referred to as user-specific or user-inputted characteristics. Other groups may include groups of characteristics that are unique to groups of individuals, or groups of characteristics identified based on the type of devices that may be controlled using such characteristics.

Combinations of Characteristics

Determining combinations that may be used to identify/authenticate users and/or determine whether the users can perform certain actions (or being able to continue performing certain functions) may be accomplished heuristically, or based on a training process, optimization approaches, and the like. For example, an initial model of the combinations may be designed, and based on the training data. The initially determined combinations may be refined and modified until the selection of the combinations meets certain criteria and requirements.

Examples of combinations that may be initially selected as useful in authenticating users may include a combination of a facial features pattern and a blood alcohol level reading. Another example may include a combination of a finger imprint data and a heart pulse rate reading. Another combination may include a voice intonation pattern and a body scent characteristic.

In an embodiment, one or more combinations, each comprising at least two characteristics, may be used to control access to various devices, vehicles, locations, and the like. For example, the system may determine one or more combinations of characteristics that may be used to control access to a residential wine cooler. If a user who attempts to open the wine cooler provides certain values of the particular combination of the characteristics that match the reference characteristics, then the user may be granted access to the cooler and may be able to open the cooler. That may be particularly useful if the parents are trying to control the access to the wine cooler by preventing their adolescent children from opening the cooler.

The fact that not just one, but at least two characteristics areincluded in a combination is significant. For example, continuing withthe wine cooler example, the combinations may be determined in such away that overwriting or bypassing the security measures may be moredifficult than if just one characteristic is used. If one characteristicis used, then the cooler security system may be easily compromised byforging for example the access code. For example, if the cooler securitysystem is equipped with a papillary line scanner, and requires that arequestor provides a correct imprint of the papillary lines of a thumb,then such a security system may be easily compromised by providing forexample, paraffinic-based imprints of an authorized user. However, byemploying two or more characteristics into the cooler security system,compromising such a system may be difficult. For example, if the systemrequires providing a correct imprint of the papillary lines of a thumband a correct voice sample, both collected within a certain time period,then the security system employing such a combination of the twocharacteristics may be more reliable than if only one characteristic isused.
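The thumb-imprint-plus-voice rule above, as an added Python sketch (not code from the patent): every characteristic in the combination must match its reference and all samples must fall inside one collection window, otherwise the request is denied. The feature vectors, the 0.95 thresholds, the 10-second window and all names are constructed assumptions.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    characteristic: str   # e.g. "thumb_imprint", "voice" (hypothetical names)
    features: tuple       # constructed feature vector from a data collector
    captured_at: float    # collector timestamp in seconds

@dataclass(frozen=True)
class Combination:
    references: dict       # characteristic -> enrolled reference vector
    thresholds: dict       # characteristic -> minimum similarity to accept
    window_seconds: float  # all samples must be collected within this span

def similarity(a, b):
    """Cosine similarity; 0.0 for mismatched, empty or all-zero vectors."""
    if len(a) != len(b) or not a:
        return 0.0
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    if norm == 0.0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / norm

def verify(combo, samples):
    """Return (granted, reason). Anything unexpected results in a denial."""
    if len(combo.references) < 2:
        return False, "combination_too_small"
    by_name = {}
    for s in samples:
        if s.characteristic in by_name:      # ambiguous input: deny
            return False, "duplicate_sample"
        by_name[s.characteristic] = s
    if any(name not in by_name for name in combo.references):
        return False, "missing_characteristic"
    times = [by_name[name].captured_at for name in combo.references]
    if max(times) - min(times) > combo.window_seconds:
        return False, "outside_time_window"
    for name, reference in combo.references.items():
        if name not in combo.thresholds:     # misconfigured policy: deny
            return False, "no_threshold:" + name
        if similarity(by_name[name].features, reference) < combo.thresholds[name]:
            return False, "mismatch:" + name
    return True, "match"

# Constructed enrolment data for the wine cooler combination.
COOLER = Combination(
    references={"thumb_imprint": (0.9, 0.1, 0.4), "voice": (0.2, 0.7, 0.6)},
    thresholds={"thumb_imprint": 0.95, "voice": 0.95},
    window_seconds=10.0,
)

def demo():
    """Four constructed requests against the cooler combination."""
    thumb = Sample("thumb_imprint", (0.88, 0.12, 0.41), 100.0)
    voice = Sample("voice", (0.21, 0.69, 0.62), 103.0)
    late_voice = Sample("voice", (0.21, 0.69, 0.62), 130.0)
    other_voice = Sample("voice", (0.9, 0.1, 0.1), 103.0)
    return {
        "both": verify(COOLER, [thumb, voice]),
        "imprint_only": verify(COOLER, [thumb]),
        "stale_voice": verify(COOLER, [thumb, late_voice]),
        "wrong_voice": verify(COOLER, [thumb, other_voice]),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

A matching imprint on its own is denied here, which is the property the passage attributes to requiring two characteristics.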

Examples of Biometric Characteristics

FIG. 2 illustrates examples of biometric characteristics. In the illustrated example, biometric characteristics 210 comprise a plurality of various types of characteristics, including physiological characteristics 220 and behavioral characteristics 230. Although the depicted example shows two types of characteristics, other types or other methods of dividing the biometric characteristics may also be implemented. The examples illustrated in FIG. 2 are non-limiting and are not considered to be the only types of characteristics that may be used in the presented system.

In an embodiment, physiological characteristics 220 used in the presented system include various types and examples of the characteristics. The non-limiting examples include facial features, fingerprints, eye-iris patterns, eye-sclera patterns, eye-iris-sclera and eye-brows patterns, voice ranges, voice intonations, scents and body odors, DNA samples, blood pressure readings, sugar level readings, other human fluids readings, oxygen levels in human bodies, temperature measurements of human bodies, pulse rate readings, heart-specific data, and the like. Other types of physiological characteristics 220 may also be used in the presented system.

In an embodiment, behavioral characteristics 230 used in the presented system may include various types and examples of the characteristics. The non-limiting examples include audio-based behavioral characteristics, such as voice intonation, voice levels, voice frequencies, voice volume and other human-voice characteristics. Behavioral characteristics 230 may also include visual-based behavioral characteristics, such as human postures, gestures, facial expressions, and the like. Furthermore, behavioral characteristics 230 may include habit patterns, such as whether a user enters data using a right hand or a left hand, and the like.

The above examples of biometric characteristics are provided to illustrate some of the examples. Other types of the biometric characteristics not described in FIG. 2 may also be used.

Furthermore, the biometric characteristics may be used in combination with other, non-biometric characteristics. For example, a system may be configured to authorize access to a secured facility if a user provides two or more correct voice samples and/or correct textual (non-biometric) information.

According to another example, a system may be configured to authorize an electronic financial transaction if a user provides correct textual (non-biometric) information and the system receives a scanned image of the user's eye-iris pattern that matches the eye-iris pattern saved for the users that are authorized to initiate such financial transactions.

By designing the system to use combinations of biometric characteristics and/or combinations of biometric and non-biometric characteristics, the system provides a high level of reliability and accuracy. For example, the systems that merely rely on user-provided textual credentials, such as user login and password information, are usually not very reliable since the textual credentials may be intercepted or otherwise obtained or generated. In contrast, the presented system may be difficult to compromise because the likelihood that an intruder may provide correct values of two or more different biometric characteristics of an authorized user is rather low. For example, while a user login and password to access a user's bank account may be easily intercepted, it may be quite difficult to intercept the correct user's voice sample and the correct user's oxygen level sample that match the samples stored for the user in a reference database.

Using two biometric or non-contact sensors may also reduce issues created by a user forgetting a passcode. Also, using these systems may make the authentication process more seamless for the user. For example, no prompts for a passcode need to be implemented. The user may simply engage or otherwise initiate the system and components of the system, such as biometric sensors employed by the system, can initiate an authentication of the user. Thus, the user is only inconvenienced when the user's request to access a device/resource is denied.

Collecting Biometric Characteristics

FIG. 3 illustrates examples of collecting user-specific biometric characteristics 310. The examples depicted in FIG. 3 are provided for illustration purposes and are not considered to be limiting in any sense.

In the depicted example, values of user-specific biometric characteristics 310 may be collected simultaneously, as depicted in 332, or almost-simultaneously as depicted in 333. The values may also be collected based on sequential measurements, as depicted in 334, collected based on a contact probing, as depicted in 336, or collected based on a non-contact probing, as depicted in 336. Furthermore, the values may be collected based on an on-line-of-sight probing, as depicted in 337, or collected based on an off-line-sight probing, as depicted in 338. Other methods of collecting values of the biometric and non-biometric characteristics may also be implemented.

Collectors of Biometric Characteristics

FIG. 4 illustrates various examples of collectors of biometric characteristics. The examples depicted in FIG. 4 are provided for illustration purposes and are not considered to be limiting in any sense.

In the depicted example, data collectors 110 include sensors 112, cameras 113, probes 114, medical instruments 115, laser diodes 116 and scattered light measuring devices 117. Other types of data collectors 110 may also be used.

Sensors 112 may include micro-electro-mechanical sensors 112 a, pico-electro-mechanical sensors 112 b, sensors 112 c implemented in appliances, vehicles, elevators, olfactory sensors 112 d, piezoelectric sensors 112 e, and the like. Although not depicted in FIG. 4, sensors 112 may also include microphones, scanners and other devices configured to collect biometric data.

Cameras 113 may include video cameras 113 a, infra-red cameras 113 b, other types of cameras 113 d and combinations of various types of cameras. The cameras may collect individual samples or may be programmed to collect a series of samples during certain time periods or sampled at certain time intervals.

Probes 114 may include scent and body odor probes 114 a, audio signal probes 114 b, temperature probes 114 c, combinations of various types of probes 114 d, electrochemical, ampere-metric and potentiometers 114 e, and the like.

Medical instruments 115 may be used to collect specimens from users and perform medical tests on the specimens and users. Medical instruments 115 may include EKG devices 115 a, blood testers 115 b, other fluid analyzers 115 c, oxygen level testers 115 d, and the like. Although not depicted in FIG. 4, the medical instruments may also include the instruments configured to measure a heart pulse rate, a blood pressure, and the like.

Laser diodes 116 may be used to collect values of biometric characteristics from users using laser technology. For example, laser diodes 116 may be used to collect visual characteristics of user's palms, feet imprints, and the like.

Scattered light measuring devices 117 may be used to obtain readings of glucose levels in human bodies. Furthermore, scattered light measuring devices 117 may be used to measure a dehydration level by emitting a scattering pattern of incident light (also referred to as a “speckle effect”). Scattered light measuring devices 117 may also be used to measure a heart pulse rate, and the like.

Collecting Biometric Characteristics

FIG. 5 illustrates an example of a process of collecting and using biometric user-specific attributes.

In an embodiment, data 560, consisting of values of biometric characteristics collected from users, is provided to a user interface 146, or other interface configured to receive data.

Interface 146 may provide data 560 to one or more processing units 140, one or more comparators 142, one or more rule and policy managers 144, and other types of units involved in collecting and processing user-specific biometric characteristics.

Data 560 may also be stored in one or more storage devices, organized as reference databases 510.

Reference databases 510 may comprise one or more disk-based storage devices 122, 124. Reference databases 510 may also comprise one or more cloud storage systems 128 and any additional storage system 126.

Based on the collected user-specific biometric characteristics, one or more processing units 140 may determine one or more combinations of biometric characteristics. A user may have one or more combinations of biometric characteristics. The combinations are selected for a user in such a way that the values of each of the combinations created for the user uniquely identify the user. Examples of various characteristics are described in FIG. 2.

Combinations of characteristics determined for a user may be stored in reference databases 510. The combinations may be used as references to determine later on whether a user may be granted access to devices and/or whether the user can perform certain functions.

Comparators 142 may be configured to use data stored in reference databases 510 to compare them with values provided by a user when the user requests access to certain devices.

Rule and policy managers 144 may be configured to apply rules to requests submitted by users and to determine whether the user's requests may be granted. Rule and policy managers 144 may use values stored in reference databases 510, rules 512, policies 513 and method 514. Other components of the data processing apparatus for using user-specific biometric characteristics and attributes may also be implemented.

Reference Data to Identify or Authenticate Users or Devices

Continuing with the example depicted in FIG. 5, the system may be used to determine whether a user's request to access resources may be granted, and/or whether a user can perform certain functions. The system may also be used to determine authenticity or ownership of devices.

In an embodiment, once reference databases 510 are created and values for one or more combinations of biometric characteristics for the users are created, the system may be deployed to perform an online identification/authentication of users. For example, a user may provide his samples 570 of two or more biometric characteristics to the system, and the system may determine whether a user request to access a resource may be granted.

Upon receiving samples 570, processing units 140 may determine an identification of the user, and use the identification data to retrieve one or more reference combinations stored for the user in reference databases 510.

Comparators 142 may use samples 570 and values of reference combinations stored for the user to determine whether a match between the samples and the reference values exists. The comparators may rely on rule and policy managers 144, which in turn may retrieve rules 512, policies 513 and methods 514. Additional elements and components may also be used by comparators 142.

If a match between user-provided samples 570 and user-specific reference values for the user is found, then processing units 140 may determine a response for the user. The response may include control instructions 580 for controlling a device which the user attempted to access. For example, the control instructions may allow the user to access an online bank account, to access a building, to request a secure printing on a printing device, and the like.

However, if processing units 140 determine that no match between user-provided samples 570 and user-specific reference values for the user is found, then processing units 140 may generate a rejection to the user's request to access a device. For example, processing units 140 may generate control instructions to lock a vehicle which the user tried to open.

User Profiles

In an embodiment, profiles are created for users. A profile created for an individual may contain values of two or more user-specific biometric parameters and may be used each time the user requests an access to a resource/device/appliance, or each time the user exhibits certain types of behavior. For example, when a user tries to use a tablet, one or more sensors mounted on the tablet may collect samples of the user's iris pattern and samples of the user's eye-brows, and use the samples to determine whether the collected samples match reference values stored in reference databases 510 for the user. If a match is found, then the user may be granted access to the tablet. However, if no match is found, then the user may be unable to use the tablet.

In an embodiment, values of two or more user-specific biometric parameters may be used to control user's access to one or more devices. For example, for each user and for each device which the user may be allowed to control, samples of distinct characteristics may be collected from the user in advance. When a user issues a request to access a particular device, the user would be asked to provide samples of such different characteristics. If, based on the user-provided samples, the user is positively authenticated, then the user may be authorized to use the particular device. Implementations of user profiles may vary.

FIG. 8A illustrates an example user profile 810. In the depicted example, user profile 810 comprises one or more links, pointers, or other data structures configured to hold data. One of the links/pointers points to a data structure 812, configured to hold a user name, identification, and other forms of user's identification. Another link/pointer may point to a data structure 814, configured to store values of combination A, which may be created to determine whether a user may access a tablet. Another link/pointer may point to a data structure 816, configured to store values of combination B, which may be created to determine whether the user may open a wine cooler. Another link/pointer may point to a data structure 818, configured to store values of combination C, which may be created to test whether the user is under influence of alcohol, and if so, allow processing units to generate control instructions, which when executed, would prevent the user from operating a vehicle.

In an embodiment, different user profiles may be used for distinct functions. For example, a user who initially gains access to a tablet may have to re-authenticate before accessing bank information using the tablet.

Furthermore, one or more rules may be implemented in the system. A rule associated with the bank account may require additional biometric information from one or more users. For example, the system may include a rule or the additional biometric information from other persons, such as a spouse, a child, and the like.

In an embodiment, a system is configured to create one or more rules, and to update the rules for one system from another system. For example, the system may update the user and/or device profile for a building access point remotely from a smart phone using one or more sensors associated with the smart phone. Thus, if a homeowner and his friend are remotely located from the house that is part of the disclosed system, then the homeowner may remotely create a profile for his friend. The profile for the friend may be created remotely using the biometric sensors on a smart phone. The profile may allow the friend to access and enter the house when the homeowner is not present.

Other organization and types of user profiles may also be implemented.

Device Profiles

In an embodiment, profiles are created for devices. For example, a profile may be created for a device, such as a wine cooler. A device profile may include a set of combinations which contain biometric data of one or more users. If a user provides samples of the biometric attributes that match the data stored for the device in reference databases, then processing units may generate control instructions, which when executed, may cause opening the door of the wine cooler and allow the user to access the cooler.

FIG. 8B illustrates an example profile 820 created for a device. In the illustrated example, a device profile for a wine cooler may include combinations that contain Betty's biometric data, and combinations that contain John's biometric data. That way both Betty and John may be successfully authenticated to open the cooler if they provide correct samples of the biometric data.

In the case of a vehicle, a device profile may contain a set of combinations created for accessing the vehicle, and a set of combinations for testing whether a driver can perform certain functions. For example, one combination may include user samples that indicate whether a driver appears to be under the influence of alcohol. If a user attempts to start an engine of the vehicle, one or more cameras may collect visual depictions of the user and one or more scent-sensors may collect scent samples from the user. If processing units determine that the user appears to be under the influence of alcohol, then the processing units may generate control instructions, which when executed, would prevent the user from starting the engine of the vehicle.

Referring again to FIG. 8B, in the depicted example, device profile 820 comprises one or more links, pointers, or other data structures configured to hold data. One of the links/pointers points to a data structure 822, configured to hold a user name, identification and other forms of the user's identification. Another link/pointer may point to a data structure 824, configured to store values of combination P, which may be created to store and provide values to be matched with user's provided values and used to determine whether the user may access a tablet. Another link/pointer may point to a data structure 826, configured to store values of combination R, which may be created to store and provide values to be matched with user's provided values and used to determine whether the user may open a wine cooler. Another link/pointer may point to a data structure 828, configured to store values of combination S, which may be created to determine whether the user is under the influence of alcohol, and if a match is found, then to generate control instructions, which when executed, would prevent the user from operating a vehicle.

FIG. 8C is another example of a device profile 830. This example is a hybrid profile, and may comprise various elements of user's profile 810 and device profile 820. The depicted example illustrates one or more combinations A-C and one or more function combinations X-Z. The combinations may be organized for each user or for groups of users, whose names and identifications are provided in a data structure 832.

Example Process

FIG. 6 illustrates an example of a process of using biometric user-specific attributes. Data collection 610 may include data collected using a variety of methods. The collected data may include information about users, devices, attributes, characteristics, and the like.

Collection of attributes' values 620 may include determining unique combinations of biometric attributes and storing values of the combinations in reference databases 510. This type of collection may be performed off-line, or during a pre-deployment stage. For example, the data may be collected simultaneously, sporadically, and/or sequentially. Various collection methods are described in FIG. 3.

Collection of attributes' values 620 may also be performed once the system is deployed into production, and configured to process online requests. For example, the collection may include collecting, or otherwise receiving, data from users who request access to devices, and the like.

Comparison of attributes' values 630 may include comparing user-provided values of biometric attributes with the reference user-specific biometric attributes stored in reference databases 510. The comparison may involve invoking rules 622, policies 624, and comparison algorithms 662. Comparison algorithms 662 may use attributes database selectors 663, which in turn may refer to general databases 665, specific databases 666 and other types of databases 667.

Multimodal biometric analysis systems utilize a combination of biometric attributes or values to control access to consumer-oriented devices. The biometric system relies on a comparison of the biometric attributes or values stored in a reference database to those attributes or values measured at the time and place of use when access or authentication is requested.

The use of authenticator-ranking of biometric attributes or values can be used to address environmental circumstances which make a measurement and comparison of biometric attributes or values difficult, or measurements of the age of the reference biometric attributes or values used to make the comparison difficult. The ranking may change with environmental situations, the “age” of the reference biometric data, and so on as determined by the authenticator. Furthermore, the authenticator may use the ranking order as an additional security means to grant access or authorization.

For example, for use in adverse environments, such as a “noisy” environment or a low light environment, the authenticator may desire to establish a precedence of biometric attributes or values to be used: first, biometric attributes or values resulting from touch or contact with the sensor, like a finger, thumb or palm prints or EKG pattern, then an iris or retinal scanning, and not utilizing either voice or speech recognition. Various other combinations of biometric attributes and values and orders of use can be devised.

Also, for example, in “low” light environments, the authenticator may establish a different authentication order based first on voice or speech recognition, followed by a touch and not utilizing any biometric parameter based on facial recognition.

Further, the “authenticator” may desire to rank the use of the biometric attributes or values based on the ‘age’ of the reference data, thereby relying on the most recent reference biometric data, subsequently followed by other biometric data sequenced by its ‘age’, from the next most recent to the oldest.
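One way to express the authenticator ranking described above, as an added Python sketch (not code from the patent): modalities are ordered by an environment-specific precedence, excluded modalities are dropped, and ties are broken by reference age, most recent first. The policy table, modality names, timestamps and the choice to place unranked modalities last are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical modality groups.
CONTACT = frozenset({"fingerprint", "palm_print", "ekg"})
OCULAR = frozenset({"iris", "retina"})
AUDIO = frozenset({"voice"})
FACIAL = frozenset({"face"})

# Constructed policies following the two precedence examples in the text.
POLICIES = {
    "noisy": {"tiers": (CONTACT, OCULAR), "excluded": AUDIO},
    "low_light": {"tiers": (AUDIO, CONTACT), "excluded": FACIAL},
}
# Any other environment: rank purely by age of the reference data.
AGE_ONLY = {"tiers": (), "excluded": frozenset()}

@dataclass(frozen=True)
class Reference:
    modality: str
    enrolled_at: float  # time the reference data was captured

def rank_modalities(environment, references, now):
    """Order usable modalities by policy tier, then newest reference first."""
    policy = POLICIES.get(environment, AGE_ONLY)
    tiers = policy["tiers"]

    def tier_of(modality):
        for index, tier in enumerate(tiers):
            if modality in tier:
                return index
        return len(tiers)  # assumption: unranked modalities go last

    usable = [
        r for r in references
        if r.modality not in policy["excluded"]
        and r.enrolled_at <= now  # ignore future-dated reference records
    ]
    usable.sort(key=lambda r: (tier_of(r.modality), now - r.enrolled_at))
    return [r.modality for r in usable]

def select_combination(ranking, size=2):
    """Take the top-ranked modalities; None if a combination cannot be formed."""
    if size < 2 or len(ranking) < size:
        return None
    return tuple(ranking[:size])

def order_respected(expected, presented):
    """Ranking order as an extra check: samples must arrive in the expected order."""
    return tuple(presented) == tuple(expected)

# Constructed enrolment records (timestamps in days, now = day 100).
ENROLLED = [
    Reference("fingerprint", 90.0),
    Reference("ekg", 98.0),
    Reference("iris", 70.0),
    Reference("voice", 99.0),
    Reference("face", 95.0),
]

if __name__ == "__main__":
    for env in ("noisy", "low_light", "normal"):
        ranking = rank_modalities(env, ENROLLED, now=100.0)
        print(env, ranking, select_combination(ranking))
```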

Comparators may determine in step 640 whether a match is found between the user-provided values of biometric attributes and the reference user-specific biometric attributes stored in reference databases 510. If a match is found, then attributes updaters 650 may update the values of certain attributes or update selection of combinations.

Further, if a match is found, then processing units may generate a response to a user and control instructions 652 for addressing the user's request.

If needed, the instructions may be modified, as depicted in 654. For example, the instructions may be overwritten. The overwriting may be performed manually or automatically.

Final instructions may be executed, as depicted in 656. For example, the instructions may be executed at a security gate, and execution of the control instructions may allow the user to open the security gate and access the building.

However, if no match is found between the user-provided values of biometric attributes and the reference user-specific biometric attributes stored in reference databases 510, then the user-provided values of the biometric attributes are rejected, as depicted in 670. In the process, one or more rejection policies 672 may be applied, and the attributes' values in combinations may be updated, as depicted in 674.

Furthermore, one or more control instructions may be generated or modified, as depicted in 676. The instructions may be executed to, for example, reject a user's request to access a device or a user's request to operate a vehicle.

In an embodiment, upon rejection of certain values of user's attributes, the algorithms for selecting one or more combinations for a user may be modified. For example, the algorithms may be refined, the routes may be retried (690) and values of the biometric attributes may be resampled.

Example Process for Using Biometric Data to Identify or Authenticate Users

FIG. 7 illustrates an example flow chart for a process of using biometric user-specific attributes to identify or authenticate users.

In step 710, the process collects data about users, combinations of biometric user-specific attributes, devices, rules, policies, and the like. This may include determining unique combinations of biometric attributes and storing values of the combinations in reference databases 510. This type of collection may be performed off-line, or during a pre-deployment stage.

In step 720, attributes' values are collected. The attributes' values may also be referred to as user-samples, or samples of user-specific biometric attributes. The samples may be collected using a variety of methods. For example, the samples may be collected simultaneously, sporadically, and/or sequentially. Various collection methods are described in FIG. 3.

Collection of attributes' values may also be performed once the system is deployed into production, and configured to process online requests. For example, the collection may include collecting or otherwise receiving data from users who request access to devices, and the like.

In step 730, the process retrieves reference attributes' values. This step is a part of the online processing of users' requests. For example, if a user requested access to a building and the user provided his samples of biometric attributes, then such samples will be matched with the reference attributes' values.

In step 732, the process compares the user-provided values of biometric attributes with the reference user-specific biometric attributes stored in reference databases 510. The comparison may involve invoking rules 622, policies 624, and comparison algorithms 662. Comparison algorithms 662 may use attributes database selectors 663, which in turn may refer to general databases 665, specific databases 666 and other types of databases 667.

Comparators may determine whether a match between the user-provided values of biometric attributes and the reference user-specific biometric attributes stored in reference databases 510 is found.

If in step 740, a match is found, then the values of certain attributes may be updated in step 750, and/or the selections of combinations may be updated.

Further, if a match is found, then in step 752, the process generates a response to a user and control instructions for addressing the user's request.

If needed, then in step 754, the instructions may be modified. For example, the instructions may be overwritten. The overwriting may be performed manually or automatically.

In step 756, the instructions may be executed. For example, the instructions may cause granting access to the device to which the user requested the access.

However, if no match is found between the user-provided values of biometric attributes and the reference user-specific biometric attributes stored in reference databases 510, then in step 770, the user-provided values of the biometric attributes are rejected.

In step 772, one or more rejection policies may be applied, and in step 774, the attributes' values in combinations may be updated.

Furthermore, in step 776, one or more control instructions may be generated or modified.

In step 778, the instructions are executed to, for example, reject a user's request to access a device or a user's request to operate a vehicle.

Alternatively, if no match is found between the user-provided values of biometric attributes and the reference user-specific biometric attributes stored in reference databases 510, then the process may retry routes, select different combinations of user-specific biometric characteristics, resample values of the biometric attributes, and perform other steps to refine the selection of the combinations, rules and policies.

In an embodiment, an approach is presented for identifying/authenticating an individual and for determining the individual's capabilities to perform certain functions based on the two or more biometric, user-specific characteristics. The approach is more reliable and accurate than conventional systems that perform such steps by relying only on one parameter.

In an embodiment, an approach is presented that relies on a comparison between the values of two or more biometric user-specific parameters stored in a reference database and the values of the parameters entered to the system by the user when the user requests access to resources. The approach is more reliable and accurate than conventional systems that rely on a comparison based on the norms computed from averaged values sampled from a population of users.

Hardware Overview

According to one embodiment, the techniques described herein areimplemented by one or more special-purpose computing devices. Thespecial-purpose computing devices may be hard-wired to perform thetechniques, or may include digital electronic devices such as one ormore application-specific integrated circuits (ASICs) or fieldprogrammable gate arrays (FPGAs) that are persistently programmed toperform the techniques, or may include one or more general purposehardware processors programmed to perform the techniques pursuant toprogram instructions in firmware, memory, other storage, or acombination. Such special-purpose computing devices may also combinecustom hard-wired logic, ASICs, or FPGAs with custom programming toaccomplish the techniques. The special-purpose computing devices may bedesktop computer systems, portable computer systems, handheld devices,networking devices or any other device that incorporates hard-wiredand/or program logic to implement the techniques.

For example, FIG. 9 is a block diagram of a computer system with whichan embodiment may be used. Computer system 900 includes a bus 902 orother communication mechanism for communicating information, and ahardware processor 904 coupled with bus 902 for processing information.Hardware processor 904 may be, for example, a general-purposemicroprocessor.

Computer system 900 also includes a main memory 906, such as arandom-access memory (RAM) or other dynamic storage device, coupled tobus 902 for storing information and instructions to be executed byprocessor 904. Main memory 906 also may be used for storing temporaryvariables or other intermediate information during execution ofinstructions to be executed by processor 904. Such instructions, whenstored in non-transitory storage media accessible to processor 904,render computer system 900 into a special-purpose machine that iscustomized to perform the operations specified in the instructions.

Computer system 900 further includes a read only memory (ROM) 908 orother static storage device coupled to bus 902 for storing staticinformation and instructions for processor 904. A storage device 910,such as a magnetic disk or optical disk, is provided and coupled to bus902 for storing information and instructions.

Computer system 900 may be coupled via bus 902 to a display 912, such asa cathode ray tube (CRT), for displaying information to a computer user.An input device 914, including alphanumeric and other keys, is coupledto bus 902 for communicating information and command selections toprocessor 904. Another type of user input device is cursor control 916,such as a mouse, a trackball, or cursor direction keys for communicatingdirection information and command selections to processor 904 and forcontrolling cursor movement on display 912. This input device typicallyhas two degrees of freedom in two axes, a first axis (e.g., x) and asecond axis (e.g., y), that allows the device to specify positions in aplane.

Computer system 900 may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computer system causes or programs computer system 900 to be a special-purpose machine. According to one embodiment, the techniques herein are performed by computer system 900 in response to processor 904 executing one or more sequences of one or more instructions contained in main memory 906. Such instructions may be read into main memory 906 from another storage medium, such as storage device 910. Execution of the sequences of instructions contained in main memory 906 causes processor 904 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions.

The term “storage media” as used herein refers to any non-transitory media that store data and/or instructions that cause a machine to operate in a specific fashion. Such storage media may comprise non-volatile media and/or volatile media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 910. Volatile media includes dynamic memory, such as main memory 906. Common forms of storage media include, for example, a floppy disk, a flexible disk, hard disk, solid state drive, magnetic tape, or any other magnetic data storage medium, a CD-ROM, any other optical data storage medium, any physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, NVRAM, any other memory chip or cartridge.

Storage media is distinct from but may be used in conjunction with transmission media. Transmission media participates in transferring information between storage media. For example, transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 902. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.

Various forms of media may be involved in carrying one or more sequences of one or more instructions to processor 904 for execution. For example, the instructions may initially be carried on a magnetic disk or solid-state drive of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 900 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 902. Bus 902 carries the data to main memory 906, from which processor 904 retrieves and executes the instructions. The instructions received by main memory 906 may optionally be stored on storage device 910 either before or after execution by processor 904.

Computer system 900 also includes a communication interface 918 coupled to bus 902. Communication interface 918 provides a two-way data communication coupling to a network link 920 that is connected to a local network 922. For example, communication interface 918 may be an integrated-services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 918 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, communication interface 918 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.

Network link 920 typically provides data communication through one or more networks to other data devices. For example, network link 920 may provide a connection through local network 922 to a host computer 924 or to data equipment operated by an Internet Service Provider (ISP) 926. ISP 926 in turn provides data communication services through the world-wide packet data communication network now commonly referred to as the “Internet” 928. Local network 922 and Internet 928 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 920 and through communication interface 918, which carry the digital data to and from computer system 900, are example forms of transmission media.

Computer system 900 can send messages and receive data, including program code, through the network(s), network link 920 and communication interface 918. In the Internet example, a server 930 might transmit a requested code for an application program through Internet 928, ISP 926, local network 922 and communication interface 918.

The received code may be executed by processor 904 as it is received, and/or stored in storage device 910, or other non-volatile storage for later execution.

Determining Authenticity or Ownership of a Device

In an embodiment, a method for determining authenticity or ownership of a device is presented. The method allows ascertaining whether the device is a genuine device or a counterfeit. The method may also allow determining a rightful owner of the device, and determining whether the device is used properly and for legitimate purposes. Examples of devices include identification cards, insurance cards, social welfare cards, driver licenses, legal documents, pieces of jewelry, valuable chattels, computerized security devices, motorized vehicles, motorized machinery, domestic appliances, consumer appliances, electronic devices, setup boxes, play stations, recorders and players, computer devices, portable devices, smartphones, digital cameras, and the like.

The approach is versatile and widely applicable. Suppose that a customer is trying to return a smartphone to a smartphone retailer store. Using the presented approach, a clerk at the store may obtain an electronic code stored or embedded in the smartphone, and compare the obtained electronic code with an original code of a manufacturer of this type of smartphones to determine whether the smartphone that the customer is trying to return is genuine or counterfeited.

According to another example, if a misplaced smartphone is found and brought in to a smartphone service provider store, then, using the presented approach, a clerk at the store may obtain an electronic code embedded in the smartphone, compare the obtained electronic code with an original code of a rightful owner of the smartphone to seek a match, and upon finding the match, contact the rightful owner to let them know that their smartphone has been found.

According to yet another example, if a customer brings a smartphone to a smartphone repair shop and requests warranty-based repairs to be performed on the phone, then, using the presented approach, a technician of the shop may obtain an electronic code embedded in the smartphone, compare the obtained electronic code with an original code of a rightful owner of the smartphone to seek a match, and upon finding the match, determine whether the customer is the rightful owner of the smartphone and whether the smartphone is still under the warranty.

Other examples of situations in which the presented approach may be useful may include confirming authenticity of the device, providing a proof of purchase, authorizing warranty repairs, aiding recovery of lost or stolen items, tracing the device, obtaining access to a building, obtaining access to a venue, obtaining access to a motorized vehicle, authenticating to a communications computer network, authenticating to a voting booth, authenticating an electronic transaction, facilitating a payment, accessing confidential data, requesting access based on a personal identification item, requesting replacement of a personal identification item, and the like.

FIG. 10 illustrates an example flow chart of a process of using identification data received from a device to determine authenticity or ownership of the device. The process may be fully automated and performed by a computer processor, or at least partially automated. To provide clear examples, the process described in FIG. 10 is performed by a computer processor.

In step 1002, a computer processor receives identification data from a device of a particular device type. The identification data may include one or more samples, such as image samples, voice samples, electronic code samples, and the like. The identification data is usually hidden somewhere inside the device so it is difficult to spot or see. For example, the identification data may be encoded in the device itself or imprinted in a portion of the device that is difficult to see. Examples of particular device types may include device brands, device utilities, device categories, and the like.

In step 1004, the computer processor determines an authentic provider of one or more devices of the particular device type. An authentic provider of a device may be a manufacturer of the device, a distributor of a device, an owner of the device, and the like. For example, if a device is a smartphone that is distributed or sold by a particular retailer, then an authentic provider may be the particular retailer. On the other hand, if a device is an electronic key to a private safe box, then an authentic provider may be an owner of the private safe box.

In step 1006, the processor retrieves reference data that was collected, usually in advance, from the authentic provider of the one or more devices of the particular device type. Reference data may include a plurality of reference samples collected from the authentic provider. For example, if a device is a tablet of a particular type and that is distributed and sold by a particular retailer, then the authentic provider may be the particular retailer, and the reference data may include original electronic code or logos that can be used to identify the tablets of the particular type. The reference data may be distributed to retail stores that sell the tablets, and clerks in the stores may use the original electronic code to verify authenticity of the tablets.

In step 1008, the computer processor compares the identification data with the reference data to determine whether the identification data matches the reference data. For example, if the identification data includes an image and a voice sample received from the device, and the reference data includes an image and a voice sample of an owner of the device, then the processor may compare the image received from the device with the image of the owner to determine if they match, and compare the voice sample received from the device with the owner's voice sample to determine if they match.

If, in step 1010, the computer processor determines that the identification data received from the device matches the reference data collected for the authentic provider, then the processor proceeds to performing step 1012; otherwise, the processor proceeds to performing step 1014.

In step 1012, the computer processor determines that the device is authentic. In this step, the processor may, for example, grant a user who presented the device permission to use the device for authentication purposes. Subsequently, the processor proceeds to performing step 1016 to finish executing the process.

However, if in step 1010, the processor determined that the identification data received from the device does not match the reference data collected for the authentic provider, then the processor proceeds to performing step 1014, in which the processor determines that the device is not authentic. In this step, the processor may, for example, deny a user who presented the device permission to use the device for authentication purposes. Subsequently, the processor proceeds to performing step 1016 to finish executing the process.

The process described in FIG. 10 may be repeated each time the processor receives identification data from a device. The processor may be implemented as a distributed system that has components installed at various locations and on various computer systems.

Identification Data of a Device

Identification data is usually something that is stored in a device or embedded in that portion of a device that is difficult to spot, access, or see. The identification data may be, for example, a voice sample of an owner of a smartphone, and may be received from the smartphone once the smartphone is powered on and unlocked. The identification data of the device does not correspond, however, to a digital watermark or a digital signature imprinted on the device.

In an embodiment, identification data of a device includes a plurality of identification data samples because relying on just one sample may be insufficient to uniquely identify an owner or an authentic provider of the device.

Examples of identification data samples may include an image of papillary lines of a finger, an image of a thumb imprint, an image of a palm imprint, an image of a hand, an image of the device itself, an image of a face, an image of an eye, an image of an eye sclera, an image of a logo, an image of a particular object, an image of a particular arrangement of objects, an image of a particular color, a voice sample, a music sample, alphanumeric code, a manufacturer serial number, a password, and a person identification data.

In an embodiment, identification data of a device of a particular device type is encoded or embedded in the device by, or on behalf of, an authentic provider of one or more devices of the particular device type. For example, if a device is a MontBlanc™ pen, then a manufacturer of the MontBlanc™ pens may embed, as identification data, an image of a logo of the MontBlanc™ pens inside the pen. The manufacturer may let the retailers of the MontBlanc™ pens know the location and the appearance of the logo embedded in the pens, and provide instructions for determining whether a pen is an authentic MontBlanc™ pen or a counterfeit. Thus, when a customer is trying to return a pen to a MontBlanc™ store, a clerk at the store may look for the MontBlanc™ logo inside the pen, and if he finds the logo, then he can scan the logo and compare it with the logo provided by the MontBlanc™ manufacturer. If the logos match, then the clerk may ascertain the authenticity of the pen, and assist the customer in returning the MontBlanc™ pen. However, if the clerk cannot find the logo inside the pen, or the logos do not match, then the clerk may determine that the presented pen is a counterfeit.

Accessing Identification Data

Identification data of a device may be presented to an inquiring party either actively or passively. In the active approach, the device is configured to transmit, or otherwise communicate, identification data samples to the inquiring party. The active approach is usually applicable to devices that can be powered on or are equipped with batteries. For example, if the device is a tablet, then upon powering up the tablet, the tablet may receive an electronic request from the inquiring party. In response to the request, the tablet may send an electronic response to the inquiring party. The electronic response may include a digital image that confirms authenticity of the tablet. The response may also include a voice sample collected from an owner of the tablet. The image and the voice sample can be used to verify whether a person presenting the tablet to the inquiring party is the owner of the tablet.

The passive approach applies to devices that are unable to send, or otherwise communicate, identification data to an inquiring party. The passive approach is usually applicable to devices that cannot be powered on or are not equipped with batteries. For example, if the device is a MontBlanc™ pen which usually cannot generate and send electronic messages on its own, then the pen may include an identification mark imprinted somewhere inside the pen. In this case, the inquiring party may have to disassemble the pen, and look for the identification mark inside the pen.

Examples of Authentic Providers

In an embodiment, an authentic provider of a device is an owner of the device. For example, an authentic provider may be a person who purchased the device, or obtained the device from the owner upon receiving the owner's permission.

An authentic provider may also be a manufacturer of the device, a lessor of the device, or a renter of the device. For example, an authentic provider of the Mongoose bicycles may be Mongoose Division of Dorel Industries, Inc.

An authentic provider may also be an agency authorized to issue and distribute certain legal documents, a retailer authorized to distribute certain devices, a contractor authorized to distribute certain devices, or an employer authorized to issue and distribute certain identification cards. For example, an authentic provider of healthcare insurance identification card may be the Blue Cross Blue Shield Association.

Using Ranking to Determine Authenticity or Ownership of a Device

FIG. 11 illustrates an example flow chart of a process of ranking identification data received from a device to determine authenticity or ownership of the device. The process may be fully automated and performed by a computer processor, or at least partially automated.

Steps 1102-1106 of FIG. 11 correspond to steps 1002-1006 of FIG. 10 and are described in detail in FIG. 10. It is assumed, however, that the identification data received from a device includes a plurality of identification samples, not one or more identification samples. It is also assumed that the plurality of identification samples includes at least two samples that belong to distinct categories. For example, a plurality of identification samples may include one or more voice samples and one or more image samples. Relying on the plurality of identification samples that includes at least two samples that belong to distinct categories enhances accuracy of the approach for determining authenticity or ownership of devices.

Furthermore, it is assumed that reference data collected for an authentic provider includes not one or more reference samples, but a plurality of reference samples. It is also assumed that the plurality of reference samples includes at least two samples that belong to distinct categories. For example, a plurality of reference samples may include one or more voice samples and one or more image samples. Relying on the plurality of reference samples that includes at least two samples that belong to distinct categories enhances accuracy of the approach for determining authenticity or ownership of devices.

In step 1108, the computer processor ranks identification samples of the plurality of identification samples based on certain criteria. The certain criteria may include one or more of: a date when identification samples of the plurality of identification samples were collected, importance of identification samples of the plurality of identification samples, reliability of identification samples of the plurality of identification samples, quality of environmental conditions at which identification of the plurality of identification samples were collected, or preferences assigned to the identification samples of the plurality of identification samples.

In step 1110, the processor ranks reference samples of the plurality of reference samples based on certain criteria. The certain criteria may correspond to the criteria used to rank the identification data, and may include one or more of: a date when reference samples of the plurality of reference samples were collected, importance of reference samples of the plurality of reference samples, reliability of reference samples of the plurality of reference samples, quality of environmental conditions at which reference of the plurality of reference samples were collected, or preferences assigned to the reference samples of the plurality of reference samples.

In step 1112, the processor determines two or more parameter categories to which at least two highly ranked identification samples, of the plurality of identification samples, belong.

In step 1114, the processor selects, for each of the two or more parameter categories, at least one identification sample from the plurality of identification samples, and selects at least one reference sample from the plurality of reference samples that belong to the parameter category. Also in this step, the processor compares the selected identification samples with the selected reference samples to find a match. This may include determining, for each of the two or more parameter categories, whether any of the at least two highly ranked identification samples, selected from the plurality of identification samples, matches the at least one reference sample, selected from the plurality of reference samples, within the same parameter category.

If, in step 1116, the processor determines, for each of the two or more parameter categories, that at least one of the at least two highly ranked identification samples matches the at least one reference sample selected from the plurality of reference samples and that belongs to the parameter category, then the processor proceeds to performing step 1118; otherwise, the processor proceeds to performing step 1120.

In step 1118, the processor determines that the device is authentic. In this step, the processor may, for example, grant a user who presented the device permission to use the device for authentication purposes. Subsequently, the processor proceeds to performing step 1122 to finish executing the process.

However, if in step 1116, the processor determined that the corresponding samples do not match, then the processor proceeds to performing step 1122, in which the processor determines that the device is not authentic. In this step, the processor may, for example, deny a user who presented the device permission to use the device for authentication purposes. Subsequently, the processor proceeds to performing step 1116 to finish executing the process.

The process described in FIG. 11 may be repeated each time the processor receives identification data from a device. The processor may be implemented as a distributed system that has components installed at various locations and on various computer systems.
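The FIG. 11 decision (rank the samples, take the highest-ranked ones, resolve their parameter categories, match per category, accept only if every category matches) is sketched below as an added Python example; it is not code from the patent. The rank weights, the cosine-similarity matcher and its 0.95 threshold, the fail-closed rule when fewer than two categories are presented, and all sample vectors are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import sqrt

# Assumed rank weights per capture modality. The low-light row follows the
# claimed rule (voice high, contact sensor low); the image weights are invented.
RANK_WEIGHTS = {
    True:  {"voice": 3, "contact": 1, "image": 0},   # low-light capture
    False: {"image": 3, "voice": 2, "contact": 2},   # normal-light capture
}
MATCH_THRESHOLD = 0.95   # assumed similarity cut-off for a "match"
MIN_CATEGORIES = 2       # at least two distinct parameter categories


@dataclass(frozen=True)
class Sample:
    category: str       # parameter category: "voice", "fingerprint", "face", ...
    modality: str       # capture path: "voice", "contact" or "image"
    features: tuple     # toy feature vector standing in for a biometric template
    reliability: float  # 0..1, used as the tie-breaker when ranking


def similarity(a, b):
    """Cosine similarity; a stand-in for a real biometric matcher."""
    if len(a) != len(b):
        return 0.0
    dot = sum(x * y for x, y in zip(a, b))
    norm = sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def rank(samples, low_light):
    """Rank step: order samples by modality weight, then reliability."""
    weights = RANK_WEIGHTS[low_light]
    return sorted(samples,
                  key=lambda s: (weights.get(s.modality, -1), s.reliability),
                  reverse=True)


def select_top(ranked):
    """Take the shortest top-of-ranking prefix that spans MIN_CATEGORIES categories."""
    selected, categories = [], set()
    for sample in ranked:
        selected.append(sample)
        categories.add(sample.category)
        if len(categories) >= MIN_CATEGORIES:
            return selected, categories
    return [], set()     # fail closed: not enough distinct categories presented


def authenticate(samples, references, low_light):
    """Return (decision, reason). Every selected category must have a match."""
    selected, categories = select_top(rank(samples, low_light))
    if not categories:
        return False, "fewer than two parameter categories presented"
    for cat in sorted(categories):
        refs = references.get(cat, [])   # a missing reference also denies
        candidates = [s for s in selected if s.category == cat]
        if not any(similarity(s.features, r) >= MATCH_THRESHOLD
                   for s in candidates for r in refs):
            return False, f"no match in category {cat!r}"
    return True, "matched in: " + ", ".join(sorted(categories))


# Constructed reference data and presentations (not real biometric data).
REFERENCE_DB = {
    "voice": [(0.9, 0.1, 0.4)],
    "fingerprint": [(0.2, 0.8, 0.5)],
    "face": [(0.5, 0.5, 0.7)],
}
OWNER = [
    Sample("face", "image", (0.1, 0.2, 0.9), 0.3),          # degraded by low light
    Sample("voice", "voice", (0.88, 0.12, 0.41), 0.9),
    Sample("fingerprint", "contact", (0.21, 0.79, 0.5), 0.8),
]
ONE_CATEGORY_MISMATCH = [                                    # voice fits, fingerprint does not
    Sample("voice", "voice", (0.88, 0.12, 0.41), 0.9),
    Sample("fingerprint", "contact", (0.9, 0.1, 0.2), 0.8),
]
VOICE_ONLY = [
    Sample("voice", "voice", (0.88, 0.12, 0.41), 0.9),
    Sample("voice", "voice", (0.9, 0.1, 0.4), 0.7),
]

if __name__ == "__main__":
    for name, presented in (("owner", OWNER),
                            ("one-category mismatch", ONE_CATEGORY_MISMATCH),
                            ("voice only", VOICE_ONLY)):
        print(name, authenticate(presented, REFERENCE_DB, low_light=True))
```

Requiring a match in every selected category is what makes a single matching sample insufficient; a deployment would also need to decide how the ranking inputs themselves (light level, reliability) are measured, which the page leaves open.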

1.-20. (canceled)
21. A computerized data processing method to control access to consumer devices, the method comprising: collecting a plurality of user-specific parameter values as a user attempts to access a consumer device; determining that the plurality of user-specific parameter values was collected in a low light environment; ranking the plurality of user-specific parameter values by assigning high ranks to values collected using a voice and speech recognition device, and assigning low ranks to values collected as results of a contact with a sensor; based on the ranking, selecting, from the plurality of user-specific parameter values, at least two of the plurality of user-specific parameter values that have the highest ranks; determining two or more parameter categories to which the at least two of the plurality of user-specific parameter values belong; for each of the two or more parameter categories, retrieving, from a reference database, at least one user-specific reference value that belongs to a parameter category and that has been stored in the reference database for the user; for each of the two or more parameter categories, determining whether any of the at least two of the plurality of user-specific parameter values matches the at least one user-specific reference value that belongs to the parameter category; and in response to determining, for each of the two or more parameter categories, that at least one of the at least two of the plurality of user-specific parameter values matches the at least one user-specific reference value that belongs to the parameter category, granting, to the user, access to the consumer device.
22. The computerized data processing method of claim 21, wherein the values collected as results of a contact with a sensor comprise values resulting from touching the sensor with a finger, a thumb, or a palm, or having the sensor determine an EKG pattern.
23. The computerized data processing method of claim 21, wherein the values collected as a result of a contact with a sensor comprise values obtained by an iris scanning or a retinal scanning.
24. The computerized data processing method of claim 21, wherein ranking the plurality of user-specific parameter values collected as the user attempts to access the consumer device is based on one or more criteria; wherein the one or more criteria are selected from one or more of: a date when identification samples of the plurality of user-specific parameter values were collected, importance of identification samples of the plurality of user-specific parameter values, reliability of identification samples of the plurality of user-specific parameter values, quality of environmental conditions at which the identification samples of the plurality of user-specific parameter values were collected, or preferences assigned to the identification samples of the plurality of user-specific parameter values.
25. The computerized data processing method of claim 21, wherein the consumer device is any one of: a computerized security device, a motorized vehicle, a motorized machinery, a domestic appliance, a bank kiosk, a television set, a setup box, a play station, a movie recorder, a computer device, a portable device, a smart phone, or a digital camera.
26. The computerized data processing method of claim 21, wherein granting, to the user, access to the consumer device comprises one or more of: positively authenticating the user with a security system of the consumer device; determining that the user is capable of performing one or more functions with respect to the consumer device, including starting the consumer device, operating the consumer device, or accessing resources of the consumer device; permitting to continue operating the consumer device; permitting to withdraw funds from a bank account using the consumer device; permitting to deposit funds to a bank account using the consumer device; permitting to watch a specially-rated television program on the consumer device; permitting to record a specially-rated television program on the consumer device; permitting to play a specially-rated program on the consumer device; permitting to access computer resources of the consumer device; or permitting to use functionalities of the consumer device.
27. The computerized data processing method of claim 21, further comprising: in response to determining, for each of the two or more parameter categories, that none of the at least two of the plurality of user-specific parameter values matches the at least one user-specific reference value that belongs to the parameter category, denying, to the user, access to the consumer device.
28. The computerized data processing method of claim 27, wherein denying, to the user, access to the consumer device comprises one or more of: refusing to positively authenticate the user with a security system of the consumer device; determining that the user is incapable of performing one or more functions with respect to the consumer device, including starting the consumer device, operating the consumer device, or accessing resources of the consumer device; turning off the consumer device; preventing the user from withdrawing funds from a bank account using the consumer device; preventing the user from depositing funds to a bank account using the consumer device; preventing the user from watching a specially-rated television program on the consumer device; preventing the user from recording a specially-rated television program on the consumer device; preventing the user from playing a specially-rated program on the consumer device; preventing the user from accessing computer resources of the consumer device; or preventing the user from using functionalities of the consumer device.
29. The computerized data processing method of claim 21, wherein the plurality of user-specific parameter values includes two or more of: user credentials, a textual-based parameter value, a digital image, a biometric parameter value, a physiological parameter value, or a behavioral parameter value.
30. A computer system comprising: one or more hardware processors; a data collector performing: collecting a plurality of user-specific parameter values as a user attempts to access a consumer device; a computer processor performing: determining that the plurality of user-specific parameter values was collected in a low light environment; ranking the plurality of user-specific parameter values by assigning high ranks to values collected using a voice and speech recognition device, and assigning low ranks to values collected as results of a contact with a sensor; based on the ranking, selecting, from the plurality of user-specific parameter values, at least two of the plurality of user-specific parameter values that have the highest ranks; determining two or more parameter categories to which the at least two of the plurality of user-specific parameter values belong; for each of the two or more parameter categories, retrieving, from a reference database, at least one user-specific reference value that belongs to a parameter category and that has been stored in the reference database for the user; for each of the two or more parameter categories, determining whether any of the at least two of the plurality of user-specific parameter values matches the at least one user-specific reference value that belongs to the parameter category; and in response to determining, for each of the two or more parameter categories, that at least one of the at least two of the plurality of user-specific parameter values matches the at least one user-specific reference value that belongs to the parameter category, granting, to the user, access to the consumer device.
31. The computer system of claim 30, wherein the values collected as results of a contact with a sensor comprise values resulting from touching the sensor with a finger, a thumb, or a palm, or having the sensor determine an EKG pattern.
32. The computer system of claim 30, wherein the values collected as a result of a contact with a sensor comprise values obtained by an iris scanning or a retinal scanning.
33. The computer system of claim 30, wherein ranking the plurality of user-specific parameter values collected as the user attempts to access the consumer device is based on one or more criteria; wherein the one or more criteria are selected from one or more of: a date when identification samples of the plurality of user-specific parameter values were collected, importance of identification samples of the plurality of user-specific parameter values, reliability of identification samples of the plurality of user-specific parameter values, quality of environmental conditions at which the identification samples of the plurality of user-specific parameter values were collected, or preferences assigned to the identification samples of the plurality of user-specific parameter values.
34. The computer system of claim 30, wherein the consumer device is any one of: a computerized security device, a motorized vehicle, a motorized machinery, a domestic appliance, a bank kiosk, a television set, a setup box, a play station, a movie recorder, a computer device, a portable device, a smart phone, or a digital camera.
35. The computer system of claim 30, wherein the computer processor also performs: in response to determining that, for each of the two or more parameter categories, none of the at least two of the plurality of user-specific parameter values matches the at least one user-specific reference value, denying, to the user, access to the consumer device.
36. The computer system of claim 35, wherein denying, to the user, access to the consumer device comprises one or more of: refusing to positively authenticate the user with a security system of the consumer device; determining that the user is incapable of performing one or more functions with respect to the consumer device, including starting the consumer device, operating the consumer device, or accessing resources of the consumer device; turning off the consumer device; preventing the user from withdrawing funds from a bank account using the consumer device; preventing the user from depositing funds to a bank account using the consumer device; preventing the user from watching a specially-rated television program on the consumer device; preventing the user from recording a specially-rated television program on the consumer device; preventing the user from playing a specially-rated program on the consumer device; preventing the user from accessing computer resources of the consumer device; or preventing the user from using functionalities of the consumer device.
 37. One or more non-transitory computer storage media storing instructions which, when executed by one or more computer processors, cause performing: collecting a plurality of user-specific parameter values as a user attempts to access a consumer device; determining that the plurality of user-specific parameter values was collected in a low light environment; ranking the plurality of user-specific parameter values by assigning high ranks to values collected using a voice and speech recognition device, and assigning low ranks to values collected as results of a contact with a sensor; based on the ranking, selecting, from the plurality of user-specific parameter values, at least two of the plurality of user-specific parameter values that have the highest ranks; determining two or more parameter categories to which the at least two of the plurality of user-specific parameter values belong; for each of the two or more parameter categories, retrieving, from a reference database, at least one user-specific reference value that belongs to a parameter category and that has been stored in the reference database for the user; for each of the two or more parameter categories, determining whether any of the at least two of the plurality of user-specific parameter values matches the at least one user-specific reference value that belongs to the parameter category; and in response to determining, for each of the two or more parameter categories, that at least one of the at least two of the plurality of user-specific parameter values matches the at least one user-specific reference value that belongs to the parameter category, granting, to the user, access to the consumer device.
 38. The one or more non-transitory computer storage media of claim 37, wherein the values collected as results of a contact with a sensor comprise values resulting from touching the sensor with a finger, a thumb, or a palm, or having the sensor determine an EKG pattern.
 39. The one or more non-transitory computer storage media of claim 37, wherein the values collected as a result of a contact with a sensor comprise values obtained by an iris scanning or a retinal scanning.
 40. The one or more non-transitory computer storage media of claim 37, wherein granting, to the user, access to the consumer device comprises one or more of: positively authenticating the user with a security system of the consumer device; determining that the user is capable of performing one or more functions with respect to the consumer device, including starting the consumer device, operating the consumer device, or accessing resources of the consumer device; permitting to continue operating the consumer device; permitting to withdraw funds from a bank account using the consumer device; permitting to deposit funds to a bank account using the consumer device; permitting to watch a specially-rated television program on the consumer device; permitting to record a specially-rated television program on the consumer device; permitting to play a specially-rated program on the consumer device; permitting to access computer resources of the consumer device; or permitting to use functionalities of the consumer device.
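The method steps of claim 37, traced in Python as an added illustration that is not part of the patent text. The rank numbers, the tolerance-based `matches` function, the feature vectors, the user name and the rule that one unmatched category is enough to deny are assumptions made for the example; the low-light determination is taken as already made.

```python
from dataclasses import dataclass

# Claim 37 fixes only the ordering in low light: voice/speech values rank
# high, contact-sensor values rank low. The numbers are assumptions.
LOW_LIGHT_RANK = {"voice": 3, "contact": 1}
OTHER_RANK = 2  # assumption: any other collection method sits in between

@dataclass(frozen=True)
class Sample:
    category: str    # parameter category, e.g. "voiceprint"
    method: str      # collection method: "voice", "contact", ...
    features: tuple  # constructed feature vector standing in for a template

# Constructed reference database: (user, category) -> enrolled templates.
REFERENCE_DB = {
    ("alice", "voiceprint"): [(0.61, 0.22, 0.90)],
    ("alice", "passphrase"): [(0.10, 0.80)],
    ("alice", "fingerprint"): [(0.33, 0.47, 0.52)],
}

def matches(value, reference, tol=0.05):
    """Stand-in matcher: every feature lies within tol of the reference."""
    return len(value) == len(reference) and all(
        abs(a - b) <= tol for a, b in zip(value, reference))

def select_low_light(samples, top_n=2):
    """Rank the collected values for a low-light capture and keep the top_n."""
    return sorted(samples, reverse=True,
                  key=lambda s: LOW_LIGHT_RANK.get(s.method, OTHER_RANK))[:top_n]

def authenticate_low_light(user, samples, db=REFERENCE_DB):
    """Return "grant" only if every category among the selected values matches."""
    selected = select_low_light(samples)
    categories = {s.category for s in selected}
    if len(categories) < 2:  # the claim requires two or more categories
        return "deny"
    for category in categories:
        references = db.get((user, category), [])
        hit = any(matches(s.features, r) for s in selected
                  if s.category == category for r in references)
        if not hit:  # assumption: one unmatched category is enough to deny
            return "deny"
    return "grant"

if __name__ == "__main__":
    attempt = [Sample("fingerprint", "contact", (0.33, 0.47, 0.52)),
               Sample("voiceprint", "voice", (0.60, 0.23, 0.91)),
               Sample("passphrase", "voice", (0.40, 0.79))]
    print(authenticate_low_light("alice", attempt))  # fingerprint is not consulted
```

Because selection happens before matching, a contact-sensor value that would have matched cannot compensate for a failed voice value once it has been ranked out of the selected set.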